Blackhole exploit kit targets only Windows computers, Macs could be up next

Nov 23, 2012 18:41 GMT

Sophos is signaling the emergence of a new email scam that purports to be an Apple invoice. The so-called electronic bill shows quite a few telltale signs of being malicious, and Sophos is keen to let everyone know it must be avoided.

Chester Wisniewski, senior security advisor at Sophos Canada, reportedly received the invoice displayed to the left via email.

He immediately spotted the clues that led him to conclude it was nothing but a scam and, as a security researcher, quickly wrote a blog entry to warn everyone.

“The social engineering isn't exactly perfect. I haven't been known by the Windows variable %email% in at least 10 years. Whoever is behind this has paid a lot of attention to detail, though,” he writes.

“The link ‘View/Download’ ends in download.jpg.exe, while the ‘Cancel’ and ‘Not your order’ URLs end in check.php.”

“The smart social engineering bit is that, whether you are simply curious what this is about or furious about this unauthorized charge, you are still likely to click one of the links,” says Wisniewski.
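The two giveaways Wisniewski quotes, an unfilled `%email%` template token and a link whose file name ends in `.jpg.exe`, can be checked mechanically by a mail filter. The following Python sketch is an added example, not code from Sophos or from the original post; the sample message, its host name and price, and the function name `invoice_red_flags` are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Mail-merge token the sender's tool failed to fill in, e.g. %email%.
PLACEHOLDER = re.compile(r"%[A-Za-z_]{2,32}%")
# Harmless-looking extension immediately followed by a Windows executable one.
DOUBLE_EXT = re.compile(
    r"\.(jpe?g|png|gif|pdf|docx?|txt)\.(exe|scr|com|pif|bat)$", re.I)

class _Collector(HTMLParser):
    """Gathers visible text and <a href> targets from an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.hrefs, self.text = [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

    def handle_data(self, data):
        self.text.append(data)

def invoice_red_flags(html_body):
    """Return a sorted list of (flag, evidence) tuples for one HTML body."""
    c = _Collector()
    c.feed(html_body)
    # Search visible text only, so URL escapes such as %20 in links are ignored.
    flags = {("unfilled_placeholder", m)
             for m in PLACEHOLDER.findall(" ".join(c.text))}
    for href in c.hrefs:
        name = urlparse(href).path.rsplit("/", 1)[-1]
        if DOUBLE_EXT.search(name):
            flags.add(("double_extension_link", name))
    return sorted(flags)

# Constructed sample modelled on the description above (not the real message).
SAMPLE = """<html><body><p>Dear %email%,</p>
<p>Your Apple ID was used to purchase an item for $699.99.</p>
<a href="http://billing.example.test/files/download.jpg.exe">View/Download</a>
<a href="http://billing.example.test/check.php">Cancel</a>
<a href="http://billing.example.test/check.php">Not your order</a>
</body></html>"""

if __name__ == "__main__":
    for flag, evidence in invoice_red_flags(SAMPLE):
        print(f"{flag}: {evidence}")
```

The `check.php` links raise no flag here, so a filter that relies only on these two checks would still pass a message that carried just the "Cancel" and "Not your order" links.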

The links in the invoice are said to download a trojan onto Windows computers. That’s right, the scam doesn’t target Macs, but that’s not necessarily a rule for the future. Trojans have become quite mainstream on OS X too.

If the scam is successful (i.e. convinces you to download the goods), it infects your computer with the Zeus/ZBot Trojan, says Wisniewski.

“If the recipient is exploited or downloads and executes the file they are infected with the Zeus/ZBot Trojan, which is designed to log your keystrokes and compromise your bank accounts,” he writes.

Of course, you should be wary of following any links in an invoice that says you’ve been billed hundreds of dollars when you know you haven’t been spending that much money with Apple.

And even if you have, Wisniewski says you can run Sophos Anti-Virus on your computer and it will detect the malware in such email scams.